Source: lxc
Version: 1:1.0.6-6
Severity: grave
Tags: patch upstream security
Justification: user security hole

Hi,

the following vulnerability was published for lxc, filing it with RC severity, should possibly be fixed in stretch before the release, although we do not enable user namespaces by default.

CVE-2017-5985[0]:
lxc-user-nic didn't verify network namespace ownership

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5985
[1] https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
[2] https://launchpad.net/bugs/1654676
[3] https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

